SONARPY-944 Use precomputed Typeshed symbols for third-party libraries in the Python analyzer#1061
Conversation
andrea-guarino-sonarsource
changed the title
andrea-guarino-sonarsource
force-pushed
the
SONARPY-944
branch
6 times, most recently
from
d421c7e to
89990eb
Compare
guillaume-dequenne
left a comment
guillaume-dequenne
left a comment
There was a problem hiding this comment.
Looks good! I left some minor comments. I think it would be nice merging this in a separate branch so that I can incorporate my changes from SONARPY-945 there as well, so that we can validate every regression in sonar-security is under control before merging everything.
| path = os.path.join(CURRENT_PATH, relative_path) | ||
| for root, dirs, files in os.walk(path): | ||
| package_name = root.replace(path, "").replace("\\", ".").replace("/", ".").lstrip(".") | ||
| if not generate_python2_stdlib and "python2" in package_name: |
There was a problem hiding this comment.
Is it needed to generalize this bit? I think only the stdlib has a @python2 part in its path.
There was a problem hiding this comment.
Yes Indeed I changed it to generalize. However, also third_parties has @python2 (for example six)
| self.pretty_printed_name = f"Tuple[{','.join(item_names)}]" | ||
| if any(item.is_unknown for item in items): | ||
| self.kind = None | ||
| self.is_unknown = True |
There was a problem hiding this comment.
Why not have a Tuple with Any items in that case? Or just another field that mark the entirety of items as unknown?
There was a problem hiding this comment.
Indeed, I hesitated a bit if creating a Tuple with Any. I took the simplest approach for the time being, if that's fine also for you, I would prefer to handle this in a separate PR. I can create a ticket for it.
|
|
||
|
|
||
| def save_module(ms: Union[ModuleSymbol, MergedModuleSymbol], is_debug=False, debug_dir="output"): | ||
| def save_module(ms: Union[ModuleSymbol, MergedModuleSymbol], is_debug=False, debug_dir="output", is_stdlib=True): |
There was a problem hiding this comment.
I need to do the same thing for custom stubs and used a similar boolean for that. I don't think it's a good approach once we have to distinguish between the 3 cases.
Another idea I just had was to use a field on the module level to indicate its type (custom / stdlib / third party) and define the save_dir through that field. Wdyt?
In any case this doesn't need to be changed here, I can also do it in my PR when generalizing the method.
There was a problem hiding this comment.
Sure, makes sense to me. I will let you do it in your PR
| output_dir_name = output_dir_name if python_version >= (3, 0) else f"{output_dir_name}@python2" | ||
| opt = get_options(python_version) | ||
| build_result = walk_typeshed_stdlib(opt) | ||
| _, build_result = walk_typeshed_stdlib(opt) |
There was a problem hiding this comment.
If we always use build_result but not always source_paths, maybe we could change the order in which they are returned?
There was a problem hiding this comment.
Sure, I can do that
|
|
||
| private static Map<String, Symbol> getSymbolsFromProtobufModule(String moduleName) { | ||
| InputStream resource = TypeShed.class.getResourceAsStream(PROTOBUF + moduleName + ".protobuf"); | ||
| private static Map<String, Symbol> getSymbolsFromProtobufModule(String moduleName, boolean isThirdParty) { |
There was a problem hiding this comment.
Instead of a boolean, what about passing the directory name directly (so that this generalizes more easily with custom stubs) ?
There was a problem hiding this comment.
As discussed, I will let you do that in your PR :)
| private static final String THIRD_PARTY_3 = "typeshed/third_party/3/"; | ||
| private static final String CUSTOM_THIRD_PARTY = "custom/"; | ||
| private static final String PROTOBUF = "protobuf/"; | ||
| private static final String PROTOBUF_THIRD_PARTY = "protobuf/stubs/"; |
There was a problem hiding this comment.
Currently we have stdlib under protobuf and third parties under protobuf/stubs. All of this is under types which currently holds Typeshed as well.
What about going for a protobuf_stdlib, protobuf_thid_parties and protobuf_custom all at the same level, for better clarity?
There was a problem hiding this comment.
works for me! if that's fine I will let you also do that in your PR or I can do it in another separate PR
| resp = make_response("hello") | ||
| resp.headers['Access-Control-Allow-Origin'] = '*' # Noncompliant | ||
| # ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | ||
| resp.headers['Access-Control-Allow-Origin'] = '*' # FN |
There was a problem hiding this comment.
Do you know why this becomes a FN? Is this the one related to the other ticket you created?
There was a problem hiding this comment.
This is because attributes were missing from typeshed classes. I think this change is not needed after I rebase on master :)
There was a problem hiding this comment.
I confirm, after rebase the issue is raised again :)
|
|
||
| def main(): | ||
| save_merged_symbols() | ||
| save_merged_symbols(is_third_parties=True) |
There was a problem hiding this comment.
I guess this change is not needed.
…s in the Python analyzer
andrea-guarino-sonarsource
force-pushed
the
SONARPY-944
branch
from
89990eb to
e46e978
Compare
andrea-guarino-sonarsource
changed the base branch from
master
to
typeshed-rework
|
SonarQube Quality Gate
|
GitOrigin-RevId: c7c8ff06ab0e3f046cf936c4656b4185c1012161
3 participants
No description provided.